In our previous MSSP Alert article, Tips for Assessing Your Vendor Opportunities as a MSSP, we provided a concise list of necessary “ingredients” for a MSSP’s recipe for success. Number one on the list is the cybersecurity vendor providing the MSSP with a “an integrate-able and integrated solution.” Number two is the vendor’s “enablement” program, which we are going to take a deep dive into now.
The primary thing to remember about enablement is that if a vendor says, “Hey, sign up for our YouTube channel and watch a whole bunch of training videos,” then that vendor should not get your business. Why? Because there’s nothing unique about that kind of enablement—every cybersecurity vendor in the market offers it—and it’s certainly not enough support to be successful. MSSPs need more from their vendor partnerships.
What MSSPs Should Expect from Vendors
An exceptional vendor is going to provide MSSPs with access to seasoned employees that know the product offerings and cybersecurity industry inside and out. These experts will have used their experience to construct repeatable pathways to service offerings that MSSPs can leverage and confidently sell to their customers.
Cybersecurity vendors that MSSPs really want to partner with will also offer a lab environment where its partners can demonstrate the technology to their prospects. MSSPs also need a partner that will take the time to actually train salespeople on how best to talk about their product’s business value—this is all about taking product value and turning it into business value, the right vendor will understand this and help with the translation.
How Vendors Help MSSPs Bring a Solution to Market
MSSPs need a vendor to provide honest answers to a number of questions, including:
- What are you going to help me bring a solution to market?
- What are your other partners doing?
- How do your solutions compete?
- What are the implementation best practices for your solution?
- Do you have an offer lifecycle best practice?
- How will you increase our revenue?
In order to answer these queries appropriately, vendors must understand an MSSP’s end game and exactly how their offer benefits end users. By understanding the business proposition for its partners and their customers, vendors can align to that business proposition and help MSSPs bring the best solutions to market.
Key to offering the most appropriate solutions, vendors must get the following elements right:
- Time to market
- Monetization of the offer
- Competitiveness of the offer
- Support through the go-to-market process
Additionally, a MSSP’s successful partnership with a cybersecurity vendor should be founded on the belief that the vendor values the MSSP’s time and money as much as their own. Fortinet has found that offer development is the key to accelerating offers to market and accelerating time to revenue.
Some Best Practices
To provide their partners with the best product offerings and enablement, vendors need to emphasize with MSSPs. From our experience, we have found that MSSPs basically want us to show them, help them, and teach them. Therefore, a best practice for a vendor is to start from the inside and work out. MSSPs can facilitate the process by asking the vendor to answer three basic questions:
- Do you understand the lifecycle of our offer?
- Can you help us bring a solution and offer through that lifecycle?
- Will you be there to support us every step the way?
- Is there a dedicated team within your organization that does this?
Once an MSSP has the answers and commitment they need, they will understand if they selected the right vendor. Many will simply push this off on the vendor account teams and expect it to be a priority, it rarely is. Advanced vendors understand the difference between go-to-market support and offer creation.
The right vendor will introduce a partner to their dedicated Offer Development team — made up of bright technical people — to define their customer’s business objectives and build from the ground up a new process that is outward in looking. This should be followed by a technology discussion, a proof-of-concept and validation phase, and trials with early adopters and pilot projects, and finally, production. The entire process needs to be a closed loop.
Until the new service offering signs up a customer, it is an expense. MSSPs need vendors that have their back and stay engaged until the service becomes a revenue-generating endeavor. A MSSP is making an investment in the vendor as much as the vendor is investing in the MSSP. Both parties must understand it is a two-way street.
MSSPs should expect the vendor to have maniacal focus on delivery and, more importantly, time to revenue. After all, the ultimate measure of success for any business relationship rests on: “Can we grow revenue together? And how fast can we get there?”
Other Values a Vendor Should Provide MSSPs
Vendors should create incremental value for MSSPs. One key value is flexibility in how and an offer can be integrated, managed, and deployed. For example, some customers want on-premises appliances, some want leverage cloud-based (SaaS) solutions, and some want 100% cloud and 100% virtual. The flexibility of these options is critical to the evolution of the services.
MSSPs will find a lot of value in working with vendors that have the ability to deliver an offer in multiple ways on multiple platforms. It's that flexibility that allows them to address the broadest set of opportunities and the broadest market. Like offers, customers mature, so having an offer that can be flexible as the customer matures is critical.
Another key value is convergence like the combining of networking and security or the combination of features/components like Secure SD-WAN, zero-trust network access (ZTNA), firewall-as-a-service (FWaaS) into a single security solution.
MSSPs Should Choose Vendors Wisely
Looking ahead to 2023 and beyond, with the big picture mind, MSSPs need to consider some industry analysts forecasts that predict significant vendor consolidation by 2025. Experts expect that large organizations will be actively pursuing a vendor consolidation strategy. Therefore, MSSPs will want to select cybersecurity providers that are well-positioned to survive in long run or risk losing big investments in time, effort, and money.
In other words, MSSPs need to be sure they pick a set of vendors now that aren't going to be obsolete in two years.